From df77f0c0f6ce284e00e3eca802e9cc768a9c202a Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 20 Jan 2020 12:27:54 +0100 Subject: sync with Fedora Backport patch for CVE 2020-6851 --- openjpeg2-static.spec | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) (limited to 'openjpeg2-static.spec') diff --git a/openjpeg2-static.spec b/openjpeg2-static.spec index 7ee2dba..35f14e9 100644 --- a/openjpeg2-static.spec +++ b/openjpeg2-static.spec @@ -6,9 +6,12 @@ #global optional_components 1 +# https://bugzilla.redhat.com/show_bug.cgi?id=1751749 +%global _target_platform %{_vendor}-%{_target_os} + Name: openjpeg2-static Version: 2.3.1 -Release: 2%{?dist} +Release: 4%{?dist} Summary: C-Library for JPEG 2000 # windirent.h is MIT, the rest is BSD @@ -20,10 +23,11 @@ Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}/openjp Source1: data.tar.xz %endif -# Remove bundled libraries -Patch0: openjpeg2_remove-thirdparty.patch # Rename tool names to avoid conflicts with openjpeg-1.x -Patch1: openjpeg2_opj2.patch +Patch0: openjpeg2_opj2.patch +# Backport patch for CVE 2020-6851 +# https://github.com/uclouvain/openjpeg/issues/1228 +Patch1: openjpeg2_CVE-2020-6851.patch BuildRequires: cmake @@ -209,7 +213,7 @@ OpenJPEG2 JP3D module command line tools %patch1 -p1 # Remove all third party libraries just to be sure -rm -rf thirdparty +find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \; %build @@ -338,6 +342,16 @@ make test -C %{_target_platform} %changelog +* Mon Jan 20 2020 Remi Collet - 2.3.1-4 +- sync with Fedora +- Backport patch for CVE 2020-6851 + +* Fri Jan 17 2020 Sandro Mani - 2.3.1-4 +- Backport patch for CVE 2020-6851 + +* Wed Oct 02 2019 Sandro Mani - 2.3.1-3 +- Fix unbundling 3rd party libraries (#1757822) + * Thu Apr 4 2019 Remi Collet - 2.3.1-2 - re-add -fPIC build flag -- cgit